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CLAIMS 

1 . Method for managing the security of applications (APP) with a security module 
functioning in an equipment (CB) connected to a network (NET), said network (NET) 
being managed by a control server (CSE) of an operator, said applications using the 
resources (RES) (data or functions) stored in a security module (SIM) locally 
connected to said equipment (CB), comprising the following preliminary steps: 

reception of data comprising at least the type and software version of the 
equipment (CB) and the identity of the security module (SIM), via the network, by the 
control server, 

analysis and verification by the control server (CSE) of said data (ID), 

generation of a cryptogram (J) from the result of the verification of said data 
(ID), and transmission of said cryptogram (J), via the network (NET) and the 
equipment (CB), to the security module (SIM), 

said method is characterized in that the security module (SIM) analyses the 
cryptogram (J) received and activates, respectively deactivates the resources (RES) 
(data or functions) used by at least one application (APP) installed in the equipment 
(CB), said cryptogram (J) comprising the instructions conditioning the functioning of 
the application (APP) according to criteria established by the supplier of said 
application and/or the operator and/or the user of the equipment. 

2. Method according to the claim 1 , characterized in that the equipment (CB) is a 
mobile equipment of mobile telephony. 

3. Method according to the claim 1, characterized in that the network is a mobile 
network of the GSM, GPRS or UMTS type. 

4. Method according to the claims 1 and 2, characterized in that the security 
module (SIM) is a subscriber module of a SIM card type inserted into the mobile 
equipment of mobile telephony. 

5. Method according to the claims 1 to 4, characterized in that the identification 
of the set mobile equipment / subscriber module (SIM) is carried out from the 
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identifier (IMEISV) of the mobile equipment (CB) and from the identification number 
(IMS!) of the subscriber module pertaining to a subscriber to the mobile network. 

6. Method according to the claims 1 to 5, characterized in that the criteria defines 
the usage limits of an application (APP) according to the risk associated to said 
application (APP) and to the type and the software version of the mobile equipment 
that the operator and/or the application supplier and/or the user of the mobile 
equipment want to take in account. 

7. Method according to the claims 1 to 6, characterized in that it is carried out 
after each connection of the mobile equipment to the network. 

8. Method according to the claims 1 to 6, characterized in that it is carried out 
after each of updating the software version of the mobile equipment. 

9. Method according to the claims 1 to 6, characterized in that it is carried out 
after each activation or deactivation of an application on the mobile equipment 

10. Method according to the claims 1 to 6, characterized in that it is carried out 
after each updating of the software version of the subscriber module. 

11. Method according to the claims 1 to 6, characterized in that it is carried out 
after each updating of the resources on the subscriber module. 

12. Method according to the claims 1 to 6, characterized in that it is carried out 
periodically at a rate given by the control server. 

13. Method according to the claims 1 to 6, characterized in that it is carried out 
after each initialization of an application on the mobile equipment. 

14. Method according to anyone of the preceding claims, characterized in that the 
subscriber module (SIM), prior to the execution of the instructions given by the 
cryptogram (J), compares the identifier (IMEISV) of the mobile equipment (CB) with 
that previously received and only initiates the verification operation if the identifier 
(IMEISV) has changed. 

1 5. Method according to the claims 1 to 5, characterized in that the control server 
(CSE), prior to the transmission of the cryptogram (J), compares the identifier 
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(IMEISV) of the mobile equipment with that previously received and only initiates the 
verification operation if the identifier (IMEISV) has changed. 

16. Method according to the claims 1 to 15, characterized in that the cryptogram 
(J) is made up of a message encrypted by the control server (CSE) with the aid of an 
asymmetrical or symmetrical encryption key from a data set containing, among other 
data, the identifier (IMEISV) of the mobile equipment (CB), the identification number 
of the subscriber module (IMSI), the resource (RES) references of the subscriber 
module (SIM) and a predictable variable (CPT). 

17. Method according to the claims 1 to 16, characterized in that the subscriber 
module transmits to the control server (CSE), via the mobile equipment (CB) and the 
mobile network (NET), a confirmation message (CF) when the subscriber module 
(SIM) has received the cryptogram (J), said message confirming the correct 
reception and the adequate processing of the cryptogram (J) by the subscriber 
module (SIM). 

18. - Method according to the claim 1, characterized in that the equipment is a Pay- 
TV decoder or a computer to which the security module is connected. 

19. Security module comprising resources (RES) intended to be locally accessed 
by at least one application (APR) installed in an equipment (CB) connected to a 
network (NET), said equipment comprising reading and data transmission means 
comprising at least the identifier (IMEISV) of the equipment and the identifier (IMSI) 
of the security module, said module being characterized in that it includes means for 
reception, analysis and execution of instructions contained in a cryptogram (J), said 
instructions conditioning the functioning of the application (APR) according to criteria 
predetermined by the supplier of said application (APP) and/or the operator and/or 
the user of the equipment (CB). 

20. Security module according to the claim 19, characterized in that it constitutes 
a subscriber module of the "SIM card" type connected to a mobile equipment. 
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